[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tls ssl ftp connection over iptables


On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron
<bastien.rocheron@free.fr> wrote:

> I have an iptable packet filter which does his job well but when I
> decide to allow only tls connections over the ftp server people can
> connect on the server in active mode because I said to the packet
> filter to let everything come thru the ftp port but just after the
> connection is made it hangs and nothing more happens. I suppose it's
> because of the data port which is given randomly and this one is
> cyphered so the packet filter gets mad about it and drop the packets.

The FTP-conntrack can't look into the control channel and thus cannot
detect which data port will be used - thus no data port is ever opened.

One workaround would be to allow all outgoing connections and use


Volker Tanger
ITK Security

Reply to: